Main Vulnerability Database Vulnerabilities #VU79735

#VU79735 Buffer overflow in tinyproxy - CVE-2001-0129

Published: August 20, 2023

Vulnerability identifier: #VU79735

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2001-0129

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
tinyproxy

Software vendor:
tinyproxy

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing CONNECT requests. A remote attacker can send an overly long CONNECT request to the server, trigger memory corruption and execute arbitrary code on the target system.

Remediation

Install updates from vendor's website.

External links

http://marc.info/?l=bugtraq&m=97975486527750&w=2
http://www.debian.org/security/2001/dsa-018
http://www.securityfocus.com/bid/2217
https://exchange.xforce.ibmcloud.com/vulnerabilities/5954

#VU79735 Buffer overflow in tinyproxy - CVE-2001-0129

Description

Remediation

External links

Please verify you're human